json-jwt 1.4.0 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6817c45c39a6ae6f9240df8b7edb8d407ef79744
-  data.tar.gz: 8f97ad80b2d8fda2732b8cbbf8166b9ca8bca404
+  metadata.gz: e593ec307b6ef4d7c0f401221c585c615c86c918
+  data.tar.gz: 4068c3885a7f8417b577f0b5413f567f94612488
 SHA512:
-  metadata.gz: 1cc01ddbca74f1dd13cc054e5b3e2d1d9242191309526a29c1c1e75e5c5f08d70cb79c208dd4afb1b7dc948bed2b85adef25f5c8a9314ec0f5ff256a9cbdd0b2
-  data.tar.gz: 17b0980e989fd63dcf0ee5ee48dd8cc44d38ead751ecf6523e2ea4ed7d820b520be0502d0fb9265d73c330bf0aebd8c7794b610d69373526bfc3d14a4803fe4a
+  metadata.gz: b15ef784c658a73d9cf7e5d79fc55966008d08c87f8d1b3b4a4384fd3017a410f490e008ecdbd12d4fdd2347c337533857b66db5569d293c9622a90cbcd1604c
+  data.tar.gz: 33b50220dfd570e1982d98a3e1a1ee30f52e4d2a3bfb49b616ba24c60463dcac23554c6fc1cbb3da3ee4f7a684f81c6101c7a84839bc727ca578cff2d0d7c313

data/README.md

@@ -14,183 +14,42 @@ gem install json-jwt
 
 * View Source on GitHub (https://github.com/nov/json-jwt)
 * Report Issues on GitHub (https://github.com/nov/json-jwt/issues)
+* Documentation on GitHub (https://github.com/nov/json-jwt/wiki)
 
 ## Examples
 
-### JWT, JWS and JWE
-
-#### Encoding
-
 ```ruby
 require 'json/jwt'
 
+private_key = OpenSSL::PKey::RSA.new <<-PEM
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyBKIFSH8dP6bDkGBziB6RXTTfZVTaaNSWNtIzDmgRFi6FbLo
+ :
+-----END RSA PRIVATE KEY-----
+PEM
+
+public_key = OpenSSL::PKey::RSA.new <<-PEM
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBKIFSH8dP6bDkGBziB6
+ :
+-----END PUBLIC KEY-----
+PEM
+
+# Sign & Encode
 claim = {
   iss: 'nov',
   exp: 1.week.from_now,
   nbf: Time.now
 }
+jws = JSON::JWT.new(claim).sign(private_key, :RS256)
+jws.to_s
 
-# No signature, no encryption
-jwt = JSON::JWT.new(claim).to_s
-
-# With signiture, no encryption
-jws = JSON::JWT.new(claim).sign(key, algorithm) # algorithm is optional. default HS256
-jws.to_s # => header.payload.signature
-jws.to_json(syntax: :general) # => General JWS JSON Serialization
-jws.to_json(syntax: :flatten) # => Flattened JWS JSON Serialization
-
-# With signature & encryption
-jwe = jws.encrypt(key, algorithm, encryption_method) # algorithm & encryption_method are optional. default RSA1_5 & A128CBC-HS256
-jwe.to_s # => header.encrypted_key.iv.cipher_text.authentication_tag
-```
-
-Supported `key` are
-* `String`
-* `OpenSSL::PKey::RSA`
-* `OpenSSL::PKey::EC`
-* `JSON::JWK`
-* `JSON::JWK::Set` # NOTE: proper `JSON::JWK` in the set will be selected by `kid` in the header.
-
-Supported `algorithm` are
-
-For JWS
-* `HS256`
-* `HS384`
-* `HS512`
-* `RS256`
-* `RS384`
-* `RS512`
-* `ES256`
-* `ES384`
-* `ES512`
-
-For JWE
-* `RSA1_5`
-* `RSA-OAEP`
-* `dir`
-
-Supported `encryption_method` are
-* `A128GCM`
-* `A256GCM`
-* `A128CBC-HS256`
-* `A256CBC-HS512`
-
-#### Decoding
-
-```ruby
+# Decode & Verify
 input = "jwt_header.jwt_claims.jwt_signature"
-JSON::JWT.decode(input, key)
-```
-
-`input` can be JSON, in that case, it's handled as General/Flattened JWS JSON Serialization.
-
-NOTE: General JWS JSON Serialization with multiple signatures aren't supported.
-
-Supported `key` are
-* `String`
-* `OpenSSL::PKey::RSA`
-* `OpenSSL::PKey::EC`
-* `JSON::JWK`
-* `JSON::JWK::Set` # NOTE: proper `JSON::JWK` in the set will be selected by `kid` in the header.
-* `:skip_verification` # NOTE: skip signature verification
-
-### JWK
-
-`JSON::JWK.new` accepts these instances as key inputs
-* `String` # NOTE: for shared key (kty=oct)
-* `OpenSSL::PKey::RSA`
-* `OpenSSL::PKey::EC`
-* `JSON::JWK`
-* `Hash`
-
-This gem also defines
-* `OpenSSL::PKey::RSA#to_jwk`
-* `OpenSSL::PKey::EC#to_jwk`
-
-#### RSA
-
-```ruby
-k = OpenSSL::PKey::RSA.new(2048)
-
-k.to_jwk # NOTE: same with `JSON::JWK.new(k)`
-# => JSON::JWK (private key)
-
-k.public_key.to_jwk
-# => JSON::JWK (public key)
+JSON::JWT.decode(input, public_key)
 ```
 
-```ruby
-jwk = JSON::JWK.new(
-  kty: "RSA",
-  e: "AQAB",
-  n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw",
-  d: "BZCgNopMBdQPuHSzZMA_hmnfBHgGHrWQKlNd7x-NkCGWf-5PpPIJHNK3K0DvKetVi3FLNRYTS3ctvqeyoXgyR36HKlsJLrkpqWnvjvV_jygpUs1sXLKUJcyD7foLawfUCO90KxF_-24367967rLrqXldehkw2F3Ppy2Dw5FyU2qBqcpLeruBt6-UdMmBufzNQLisPJ67vhCTVrTNaHDDeCK2gHI3gqsnnbzOMS45VknmFOgKUp1C8GZu5BsT-AdDApEtY-DRZqnr6BxZv4-hG5OdEUA4_LCaI6JwlaAzv0Z74jpBZDC73cXWKJPgVuhARZcll5cexB2_EpgZDB6akQ",
-  p: "6GFVNgaXcW39NG-sRqKPzFtz1usfAkdCydPmfZirfHRhSh3OojX3Glbe7BI_SRSOLc2d2xw2_ZwKRlruY44aGEf4s5gD_nKgq2QS-1cA5uNAU91wRtY2rdoAuCnk2BX3WTZPnzyxkokFY0S0R_9IpJhRz72ggxYyhx0ymRUBIWc",
-  q: "5h1QX2JWLbcIT_cfrkmMoES1z06Fu88MLORYppiRDqkXl3CJFxKFtKJtDPLTf0MeTFexh81V52Ztsd8UttPInyDl9l5T0AOy8NmqHKqjI1063uy4bnHWetN7ovHftc_TOlnldAoQh9bmhZAhEyGlwa5Kros2YD2amIgDhcOmRO0"
-)
-jwk.to_key
-# => OpenSSL::PKey::RSA (private key)
-
-jwk = JSON::JWK.new(
-  kty: "RSA",
-  e: "AQAB",
-  n: "0OIOijENzP0AXnxP-X8Dnazt3m4NTamfNsSCkH4xzgZAJj2Eur9-zmq9IukwN37lIrm3oAE6lL4ytNkv-DQpAivKLE8bh4c9qlB9o32VWyg-mg-2af-JlfGXYoaCW2GDMOV6EKqHBxE0x1EI0tG4gcNwO6A_kYtK6_ACgTQudWz_gnPrL-QCunjIMbbrK9JqgMZhgMARMQpB-j8oet2FFsEcquR5MWtBeAn7qC1AD2ya0EmzplZJP6oCka_VVuxAnyWfRGA0bzCBRIVbcGUXVNIXpRtA_4960e7AlGfMSA-ofN-vo7v0CMkA8BwpZHai9CAJ-cTCX1AVbov83LVIWw"
-)
-jwk.to_key
-# => OpenSSL::PKey::RSA (public key)
-```
-
-#### EC
-
-```ruby
-k = OpenSSL::PKey::EC.new('prime256v1').generate_key
-
-k.to_jwk
-# => JSON::JWK (private key)
-
-k.private_key = nil
-k.to_jwk
-# => JSON::JWK (public key)
-```
-
-```ruby
-jwk = JSON::JWK.new(
-  kty: "EC",
-  crv: "P-256",
-  x: "D4L5V9QocZvfuEEGfGD5YCEbIcXR-KfF7RqqZUaovJ8",
-  y: "VX0T94KUo0YkhuvT2q0MXMOTtfaIjDS4fb9ii54g4gU",
-  d: "MCOTV6Ncg7KTuGh1hTa029ZVkqdlaXaYnfLSkZjJ_uE"
-)
-jwk.to_key
-# => OpenSSL::PKey::EC (private key)
-
-jwk = JSON::JWK.new(
-  kty: "EC",
-  crv: "P-256",
-  x: "D4L5V9QocZvfuEEGfGD5YCEbIcXR-KfF7RqqZUaovJ8",
-  y: "VX0T94KUo0YkhuvT2q0MXMOTtfaIjDS4fb9ii54g4gU"
-)
-jwk.to_key
-# => OpenSSL::PKey::EC (public key)
-```
-
-#### oct
-
-NOTE: no `String#to_jwk` is defined for now.
-
-```ruby
-JSON::JWK.new 'secret'
-# => JSON::JWK
-```
-
-```ruby
-jwk = JSON::JWK.new(
-  kty: "oct",
-  k: "secret"
-)
-jwk.to_key
-# => String
-```
+For more details, read [Documentation Wiki](https://github.com/nov/json-jwt/wiki).
 
 ## Note on Patches/Pull Requests
 

data/VERSION

@@ -1 +1 @@
-1.4.0
+1.5.0

data/lib/json/jose.rb

@@ -1,11 +1,46 @@
 require 'securecompare'
 
 module JSON
-  class JOSE < JWT
-    include SecureCompare
+  module JOSE
+    extend ActiveSupport::Concern
 
-    def content_type
-      'application/jose'
+    included do
+      extend ClassMethods
+      include SecureCompare
+      register_header_keys :alg, :jku, :jwk, :x5u, :x5t, :x5c, :kid, :typ, :cty, :crit
+      alias_method :algorithm, :alg
+
+      attr_accessor :header
+      def header
+        @header ||= {}
+      end
+
+      def content_type
+        @content_type ||= 'application/jose'
+      end
+    end
+
+    module ClassMethods
+      def register_header_keys(*keys)
+        keys.each do |header_key|
+          define_method header_key do
+            self.header[header_key]
+          end
+          define_method "#{header_key}=" do |value|
+            self.header[header_key] = value
+          end
+        end
+      end
+
+      def decode(input, key_or_secret = nil)
+        if input.is_a? Hash
+          decode_json_serialized input, key_or_secret
+        else
+          decode_compact_serialized input, key_or_secret
+        end
+      rescue MultiJson::DecodeError
+        raise JWT::InvalidFormat.new("Invalid JSON Format")
+      end
     end
   end
 end

data/lib/json/jwe.rb

@@ -2,13 +2,15 @@ require 'securerandom'
 require 'bindata'
 
 module JSON
-  class JWE < JOSE
+  class JWE
     class InvalidFormat < JWT::InvalidFormat; end
     class DecryptionFailed < JWT::VerificationFailed; end
     class UnexpectedAlgorithm < JWT::UnexpectedAlgorithm; end
 
     NUM_OF_SEGMENTS = 5
 
+    include JOSE
+
     attr_accessor(
       :public_key_or_secret, :private_key_or_secret,
       :plain_text, :cipher_text, :authentication_tag, :iv, :auth_data,
@@ -22,10 +24,6 @@ module JSON
       self.plain_text = input.to_s
     end
 
-    def content_type
-      'application/jose'
-    end
-
     def encrypt!(public_key_or_secret)
       self.public_key_or_secret = public_key_or_secret
       cipher.encrypt
@@ -67,7 +65,7 @@ module JSON
           ciphertext: UrlSafeBase64.encode64(cipher_text),
           tag:        UrlSafeBase64.encode64(authentication_tag)
         }
-      when :flattened
+      else
         {
           protected:     UrlSafeBase64.encode64(header.to_json),
           encrypted_key: UrlSafeBase64.encode64(jwe_encrypted_key),
@@ -75,8 +73,6 @@ module JSON
           ciphertext:    UrlSafeBase64.encode64(cipher_text),
           tag:           UrlSafeBase64.encode64(authentication_tag)
         }
-      else
-        super
       end
     end
 

data/lib/json/jws.rb

@@ -1,5 +1,5 @@
 module JSON
-  class JWS < JOSE
+  class JWS < JWT
     class InvalidFormat < JWT::InvalidFormat; end
     class VerificationFailed < JWT::VerificationFailed; end
     class UnexpectedAlgorithm < JWT::UnexpectedAlgorithm; end

data/lib/json/jwt.rb

@@ -3,32 +3,21 @@ require 'url_safe_base64'
 require 'multi_json'
 require 'active_support'
 require 'active_support/core_ext'
+require 'json/jose'
 
 module JSON
   class JWT < ActiveSupport::HashWithIndifferentAccess
-    attr_accessor :header, :signature
+    attr_accessor :signature
 
     class Exception < StandardError; end
     class InvalidFormat < Exception; end
     class VerificationFailed < Exception; end
     class UnexpectedAlgorithm < VerificationFailed; end
 
-    class << self
-      def register_header_keys(*keys)
-        keys.each do |header_key|
-          define_method header_key do
-            self.header[header_key]
-          end
-          define_method "#{header_key}=" do |value|
-            self.header[header_key] = value
-          end
-        end
-      end
-    end
-    register_header_keys :alg, :jku, :jwk, :x5u, :x5t, :x5c, :kid, :typ, :cty, :crit
-    alias_method :algorithm, :alg
+    include JOSE
 
     def initialize(claims = {})
+      @content_type = 'application/jwt'
       self.typ = :JWT
       self.alg = :none
       [:exp, :nbf, :iat].each do |key|
@@ -37,14 +26,6 @@ module JSON
       update claims
     end
 
-    def content_type
-      'application/jwt'
-    end
-
-    def header
-      @header ||= {}
-    end
-
     def sign(private_key_or_secret, algorithm = :HS256)
       jws = JWS.new self
       jws.alg = algorithm
@@ -97,16 +78,6 @@ module JSON
     end
 
     class << self
-      def decode(input, key_or_secret = nil)
-        if input.is_a? Hash
-          decode_json_serialized input, key_or_secret
-        else
-          decode_compact_serialized input, key_or_secret
-        end
-      rescue MultiJson::DecodeError
-        raise InvalidFormat.new("Invalid JSON Format")
-      end
-
       def decode_compact_serialized(jwt_string, key_or_secret)
         case jwt_string.count('.') + 1
         when JWS::NUM_OF_SEGMENTS
@@ -132,7 +103,6 @@ module JSON
   end
 end
 
-require 'json/jose'
 require 'json/jws'
 require 'json/jwe'
 require 'json/jwk'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-08 00:00:00.000000000 Z
+date: 2015-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json